update

2023-07-16 18:56:07 -05:00
parent d92db642f1
commit 4c4cc71aa5
3 changed files with 369 additions and 22 deletions
--- a/kong/templates/certs.yaml
+++ b/kong/templates/certs.yaml
@@ -0,0 +1,32 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: quickstart-kong-selfsigned-issuer-root
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: quickstart-kong-selfsigned-issuer-ca
+spec:
+  commonName: quickstart-kong-selfsigned-issuer-ca
+  duration: 2160h0m0s
+  isCA: true
+  issuerRef:
+    group: cert-manager.io
+    kind: Issuer
+    name: quickstart-kong-selfsigned-issuer-root
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  renewBefore: 360h0m0s
+  secretName: quickstart-kong-selfsigned-issuer-ca
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: quickstart-kong-selfsigned-issuer
+spec:
+  ca:
+    secretName: quickstart-kong-selfsigned-issuer-ca
--- a/kong/templates/secrets.yaml
+++ b/kong/templates/secrets.yaml
@@ -45,3 +45,37 @@ spec:
        kubernetes:
          mountPath: "kubernetes"
          role: "external-secrets"
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: kong-config-secret
+spec:
+  secretStoreRef:
+    name: vault-kong
+    kind: SecretStore
+  target:
+    name: kong-config-secret
+  data:
+  - secretKey: admin_gui_session_conf
+    remoteRef:
+      key: secrets/kong/config
+      property: admin_gui_session_conf
+  - secretKey: kong_admin_password
+    remoteRef:
+      key: secrets/kong/config
+      property: kong_admin_password
+  - secretKey: password
+    remoteRef: 
+      key: secrets/kong/config
+      property: password
+  - secretKey: pg_host 
+    remoteRef: 
+      key: secrets/kong/config
+      property: pg_host 
+  - secretKey: portal_session_conf
+    remoteRef: 
+      key: secrets/kong/config
+      property: portal_session_conf